Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method at a network interface device, the method comprising: receiving a network access request from a client device to access a Web site in a public network; replying to the client device with a redirect to an authentication service; receiving a credential request directed to the client device from the authentication service, the credential request communicated to the client device; receiving user credentials directed to the authentication service from the client device, the user credentials communicated to the authentication service; receiving an encrypted token directed to the client device from the authentication service, the encrypted token communicated to the client device that posts the encrypted token back to the network interface device; communicating a validation request to a network authorization service, the validation request including the encrypted token and a device identifier of the network interface device; receiving validation from the network authorization service, the validation indicating that the network interface device allow the client device access to the public network; and communicating a redirect to the client device to access the Web site in the public network.
2. The computer-implemented method as recited in claim 1, wherein the user credentials include a username and password combination utilized for authentication by the authentication service.
3. The computer-implemented method as recited in claim 2, wherein the client device is authenticated to the network interface device without temporary user credentials.
4. The computer-implemented method as recited in claim 1, wherein the user credentials are associated with the unique device identifier for the network interface device in an access control list that is maintained at the network authorization service.
5. The computer-implemented method as recited in claim 1, wherein the client device authenticates to the network interface device without temporary credentials.
6. The computer-implemented method as recited in claim 1, wherein the encrypted token that is directed to the client device is received from the authentication service that authenticates a user of the client device based on the user credentials.
7. The computer-implemented method as recited in claim 1, wherein the validation received from the network authorization service authorizes the client device to the network interface device.
8. A network interface device, comprising: one or more communication interfaces configured for network and device communication; a processor system to implement a device application configured to: receive a network access request from a client device to access a Web site in a public network; initiate a reply to the client device with a redirect to an authentication service; receive a credential request directed to the client device from the authentication service, the credential request communicated to the client device; receive user credentials directed to the authentication service from the client device, the user credentials communicated to the authentication service; receive an encrypted token directed to the client device from the authentication service, the encrypted token communicated to the client device that posts the encrypted token back to the network interface device; initiate communication of a validation request to a network authorization service, the validation request including the encrypted token and a device identifier of the network interface device; receive validation from the network authorization service, the validation indicating that the network interface device allow the client device access to the public network; and initiate communication of a redirect to the client device to access the Web site in the public network.
9. The network interface device as recited in claim 8, wherein the user credentials include a username and password combination utilized for authentication by the authentication service.
10. The network interface device as recited in claim 9, wherein the client device is authenticated to the network interface device without temporary user credentials.
11. The network interface device as recited in claim 8, wherein the user credentials are associated with the unique device identifier for the network interface device in an access control list that is maintained at the network authorization service.
12. The network interface device as recited in claim 8, wherein the client device authenticates to the network interface device without temporary credentials.
13. The network interface device as recited in claim 8, wherein the encrypted token that is directed to the client device is received from the authentication service that authenticates a user of the client device based on the user credentials.
14. The network interface device as recited in claim 8, wherein the validation received from the network authorization service authorizes the client device to the network interface device.
15. A computer-readable storage memory comprising stored instructions that are executable and, responsive to execution of the instructions by a network interface device, the network interface device performs operations to: receive a network access request from a client device to access a Web site in a public network; reply to the client device with a redirect to an authentication service; receive a credential request directed to the client device from the authentication service, the credential request communicated to the client device; receive user credentials directed to the authentication service from the client device, the user credentials communicated to the authentication service; receive an encrypted token directed to the client device from the authentication service, the encrypted token communicated to the client device that posts the encrypted token back to the network interface device; communicate a validation request to a network authorization service, the validation request including the encrypted token and a device identifier of the network interface device; receive validation from the network authorization service, the validation indicating that the network interface device allow the client device access to the public network; and communicate a redirect to the client device to access the Web site in the public network.
16. The computer-readable storage memory as recited in claim 15, wherein the user credentials include a username and password combination utilized for authentication by the authentication service.
17. The computer-readable storage memory as recited in claim 16, wherein the client device is authenticated to the network interface device without temporary user credentials.
18. The computer-readable storage memory as recited in claim 15, wherein the user credentials are associated with the unique device identifier for the network interface device in an access control list that is maintained at the network authorization service.
19. The computer-readable storage memory as recited in claim 15, wherein the encrypted token that is directed to the client device is received from the authentication service that authenticates a user of the client device based on the user credentials.
20. The computer-readable storage memory as recited in claim 15, wherein the validation received from the network authorization service authorizes the client device to the network interface device.
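The exchange recited in claims 1 and 4, as an added sketch that is not part of the patent text: three in-process roles stand in for the network interface device, the authentication service and the network authorization service. All names, keys and values are constructed; the claims' "encrypted token" is replaced here by an HMAC-authenticated opaque token, the expiry and single-use nonce are assumptions the claims do not recite, and the relaying of the credential request and credentials through the device is collapsed into a direct call to `issue_token`.

```python
import base64, hashlib, hmac, json, time

# All names and values below are constructed for illustration.
KEY = b"constructed-demo-key"      # shared only by the two back-end services
USERS = {"alice": "correct horse"}  # authentication service's credential store
ACL = {"gw-001": {"alice"}}         # authorization service: device id -> users
_redeemed = set()                   # token nonces already accepted

def issue_token(username, password, nonce, now=None):
    """Authentication service: verify credentials, return an opaque token."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    body = json.dumps({"sub": username, "nonce": nonce,
                       "exp": (now or time.time()) + 120}).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode()

def validate(token, device_id, now=None):
    """Authorization service: decide on the token plus the device identifier."""
    try:
        raw = base64.urlsafe_b64decode(token)
        tag, body = raw[:32], raw[32:]
        if not hmac.compare_digest(tag, hmac.new(KEY, body, hashlib.sha256).digest()):
            return False
        claims = json.loads(body)
    except (ValueError, TypeError):
        return False
    if claims["exp"] < (now or time.time()) or claims["nonce"] in _redeemed:
        return False                 # expired, or a replayed token
    if claims["sub"] not in ACL.get(device_id, set()):
        return False                 # user not listed for this device
    _redeemed.add(claims["nonce"])
    return True

class Gateway:
    """Network interface device: keeps no credential store of its own."""
    def __init__(self, device_id):
        self.device_id, self.allowed = device_id, set()

    def handle_request(self, client, url):
        if client in self.allowed:
            return ("forward", url)
        return ("redirect", "auth-service")

    def handle_token_post(self, client, token, url):
        if validate(token, self.device_id):
            self.allowed.add(client)
            return ("redirect", url)  # back to the site first requested
        return ("deny", None)
```

Because the validation request carries the device identifier, a token posted to a device whose access control list entry does not include the user is refused even though the token itself is genuine.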
August 30, 2016